CTAB call Tuesday, February 9, 2021

 Attending

  • David Bantz, University of Alaska (chair)   
  • Brett Bieber, University of Nebraska (vice chair)  
  • Pål Axelsson, SUNET   
  • Rachana Ananthakrishnan, Globus, University of Chicago   
  • Tom Barton, University of Chicago and Internet2, ex-officio  
  • Ercan Elibol, Florida Polytechnic University 
  • Richard Frovarp,  North Dakota State  
  • Eric Goodman, UCOP - InCommon TAC Representative to CTAB  
  • Meshna Koren, Elsevier  
  • Jon Miner, University of Wisc - Madison  
  • Andy Morgan, Oregon State University  
  • Dave Robinson, Grinnell College, InCommon Steering Rep, ex-officio  
  • Chris Whalen, Research Data and Communication Technologies  
  • Jule Ziegler,  Leibniz Supercomputing Centre  
  • Robert Zybeck, Portland Community College  
  • Johnny Lasker, Internet2   
  • Kevin Morooney, Internet2
  • Albert Wu, Internet2
  • Emily Eisbruch, Internet2

  Regrets:

  • John Pfeifer, University of Maryland  
  • Ann West, Internet2

Action Items

  • AI Jule reach out to HeatherF around EduPersonAssurance and REFEDs R&S 2.0 Working Group
  • AI ChrisW ask at RAS Governance council about eRA commons use cases

Intellectual Property reminder   

Discussion

Welcome

  • Welcome Dave Robinson, CIO from Grinnell College in Iowa - InCommon Steering Liaison to CTAB

 Around the Community - Updates from Other Efforts

  • REFEDS Assurance Working Group - WG Meeting Notes
    • Tom, Pal and Albert participate 
    • Working group is discussing MFA, assurance proofing
    • For REFEDs MFA, some clarifications are needed on how to apply it
      • hope to make the REFEDs MFA profile clearer for adopters
      • for example, how to handle fail-open / fail-closed issues
    • Reviewing existing assurance framework and definitions, possibility to define different levels of identity proofing, rather than only referencing external resources
  • InCommon Steering update
    • Deciding on key questions for InCommon Steering to tackle in 2021
    • Focus on communication and outreach
    • Need to do a better job of explaining what InCommon offers, and how new orgs / entities can come on board
    • outreach to both IDPs and SPs
    • For existing InCommon participant organizations,  there is a need to  explain how to get more value from the federation 
    • Learned about InCommon Catalysts program
    • IDP as a Service and how that fits in
    • Market survey was done 5 years ago to gather data around InCommon Federation adoption and perceptions
  • REFEDs R&S 2.0 Working Group
    • Discussion on identifiers and restructuring the document
    • Making it apply to OIDC
    • Home institution attribute
    • R&S 1.0 and R&S 2.0 will be in parallel in the future
    • EduPersonAssurance discussion, need more advocating for this.
    • Pal advocates for EduPersonAssurance, but needs others
    • Need to explain the value for EduPersonAssurance or it will likely be dropped
    • Jule will help at the Assurance Working Group to better define need for EduPersonAssurance and then reach out to  REFEDs R&S 2.0 Working Group
    • AI Jule reach out to HeatherF around EduPersonAssurance and REFEDs R&S 2.0 Working Group
    • A lot of the work is driven by needs of SPs and IDPs
    • scopedAffiliation is another possible addition to REFEDs R&S
  • It was agreed that CTAB would like updates from other efforts on an ongoing basis.
    • InCommon TAC requests email updates from groups of interest


  Baseline Expectations V2 updates 

  • Baseline Expectations 2 Implementation Plan (timeline/schedule)
  • Developers have provided an API for BEv2 health check
  • Working on scripts for mail merge and health check report
  • Albert will work on graphs and adherence statistics
  • Johnny  is working on mail merge and messages for notification and health check status
  • Also figuring out how to handle bounces of emails
  • Suggestion to have placeholder for CTAB office hours in March
  • Have not yet heard many objections from community
  • But it will be good to have office hours in case

  • Albert has started FAQ for Baseline Expectations 2.0
  •  https://spaces.at.internet2.edu/display/BE/be2-faq
  • Doc for collecting questions: Questions for BE2 FAQ 
  • JonM got an interesting question.
    • UW-Madison hosts an entity for Illinois.  Illinois asked about the SIRTFI requirement in BE2.
    • JonM asked them to check their contract (and contacts). 
    • We may get more of this type of question. 
  • Good to collect such questions
  • Meshna: For an SP, there can be challenges asserting both Data protection Code of Conduct https://wiki.refeds.org/display/CODE/Data+Protection+Code+of+Conduct+Home and SIRTFI compliance. 
    • Must go through lawyers.
    • Lawyers ask for clarifications.
    • SIRTFI can be vague, and it must be vague by nature. But creates an issue with the lawyers.  
    • Need place to get answers about SIRTFI and what is OK
  • TomB: there’s a process to address such questions around SIRTFI, there is REFEDs Steering committee. Need to shine better light on the process
    • Would be helpful for SIRTFI working group  to know which SIRTFI items caused concern from the lawyers or others.
    • Please send to TomB or the SIRTFI working group any info on SIRTFI issues causing concern

  CTAB/NIH Assured Access Working Group Status Update

  • Assurance Access Working Group wiki: https://spaces.at.internet2.edu/display/aawg 
  • First meeting was last Thursday
  • Reviewed charter for the Working Group and goals
  • About 12 people attended
  • Plan to meet weekly
  • Next meeting, will talk about how to divide up work over next 8 weeks
  • Discuss how to get more participation in the working group and how to share progress
  • Ryan from U Nebraska and Brett will show proof of concept around complying with NIH requirements
  • Will share existing mapping of I9 with NIST SP800-63A 
  • Noted that timeline is short
  • NIH will start to implement new requirements in a few months
  • Advice for IdP operators on how to map/assert assurance
  • Encourage other RO and agencies to adopt same/equivalent assurance profiles

 NIH / eRA requiring MFA - update from NIH coordination call

  • There was a high-level communication oriented call w Jeff E from NIH
  • In addition, there was another call with implementation group 

  • MFA requirement
    • eRA will require MFA as of Sept 15, 2021
    • NIH is a big organization and not everything moves at the same pace
    • There is a Proxy NIH Login, supports a variety of credential types
    • There are tens of thousands of eRA (Electronic Research Administration) users
    • eRA (Electronic Research Administration) is retiring older login approaches
    • eRA is encouraging users to get login.gov credentials
    • They are also happy to promote federated credentials
    • A few steps needed until federated credentials can work with eRA
    • Account linking will be offered for organizations who need to use login.gov short term, but should use federated login in the long run.
    • Need to be able to signal to eRA

  • Identity assurance
    • The identity assurance needs will not be addressed across all of NIH; it will be per service
    • For some NIH services, the IAP values of a certain level may be required 
    • Other NIH services may require NIST 800-63-3
    • eRA (Electronic Research Administration)  is 800K credentials stored at NI
    • Set up years ago for researchers who receive a grant at a university or other research institution to report on funding for grant
    • How does this work with Login.gov?
    • Need to Map eRA process into IAL framework
    • Every year, now organizations will need to login using eRA
    • It seems likely that NIH will eventually get rid of eRA commons 
    • Globus platform users have applications that require identity from eRA commons: impact and communication to such stakeholders
    • [AI] ChrisW ask at RAS Governance council about  eRA commons use cases 

 

Next CTAB Call: Tuesday, Feb. 23, 2021
